UDP port 1900 flooding network? - Expert Advice Needed
I have a very odd issue. Recently, I had my proxy server flood my network with UDP traffic from port 1900 to IP address 239.255.255.250. In other words, when I went into iptraf, it said publicipaddress:12250 to 239.255.255.250:1900. It would flood the network with 100,000 packets within a few seconds. When I unplugged the network cable to the proxy server, of course, it all stopped. So, I feared an attack and replaced the proxy server with a hardware router temporarily, but the issue came back and again, flooded my network with this traffic. I replaced the proxy server with a different server and the problem went away. Was this a DoS attack? How can I tell if I was attacked? I didn't see anything that stood out too much in the log files, but I'm far from a guru for looking for little nuances of evidence of an attack.
Is it possible that it was all coincidental? Perhaps a UPnP bug within my network on one of the workstations? Everyone I've asked in my community is stumped, so I thought I'd check here and see what you all thought. Thanks in advance.